U.S. charges Chinese hackers with hacking for commercial advantage

  • Department of Justice Public Affairs

A grand jury in the Western District of Pennsylvania indicted three Chinese hackers, who work for the purported China-based Internet security firm Guangzhou Bo Yu Information Technology Company Limited (a/k/a “Boyusec”), for computer hacking, theft of trade secrets, conspiracy and identity theft directed at three international corporate victims in the financial, engineering and technology industries between 2011 and May 2017.


The defendants are Wu Yingzhuo, Dong Hao, and Xia Lei, all of whom are Chinese nationals and residents of China.


The Federal Bureau of Investigation, Naval Criminal Investigative Service, and the Air Force Office of Special Investigations conducted the investigation that led to the charges in the indictment.


The indictment alleges the defendants conspired to hack into private corporate entities to maintain unauthorized access to, and steal sensitive internal documents and communications from, those entities’ computers. For one victim, information the defendants targeted and stole between December 2015 and March 2016 contained trade secrets.


The charges were announced Nov. 27, 2017, by Acting U.S. Attorney Soo C. Song for the Western District of Pennsylvania, Special Agent in Charge Robert Johnson of FBI’s Pittsburgh Division and Acting Assistant Attorney General for National Security Dana Boente.


“Defendants Wu, Dong and Xia launched coordinated and targeted cyber intrusions against businesses operating in the United States, including here in the Western District of Pennsylvania, in order to steal confidential business information,” said Song. “These conspirators masked their criminal conspiracy by exploiting unwitting computers, called ‘hop points,’ conducting ‘spear-phish’ email campaigns to gain unauthorized access to corporate computers and deploying malicious code to infiltrate the victim computer networks.”


“In order to effectively address the cyber threat, a threat that respects no boundaries and continues to grow in both its scope and complexity, law enforcement must come together and transcend borders to target criminal actors no matter where they are in the world,” said Johnson.


“Once again, the Department and the FBI have demonstrated that hackers around the world who are seeking to steal our companies’ most sensitive and valuable information can and will be exposed and held accountable,” said Boente. “The Department is committed to pursuing the arrest and prosecution of these hackers, no matter how long it takes, and we have a long memory.”


The indictment alleges defendants Wu, Dong, Xia, and others known and unknown to the grand jury (collectively, “the co-conspirators”) coordinated computer intrusions against businesses and entities operating in the United States and elsewhere. To accomplish their intrusions, the co-conspirators would, for example, send spear-phishing e-mails to employees of the targeted entities, which included malicious attachments or links to malware. If a recipient opened the attachment or clicked on the link, such action would facilitate unauthorized, persistent access to the recipient’s computer. With such access, the co-conspirators would typically install other tools on victim computers, including malware the co-conspirators referred to as “ups” and “exeproxy.” In many instances, the co-conspirators sought to conceal their activities, location and Boyusec affiliation by using aliases in registering online accounts, intermediary computer servers known as “hop points,” and valid credentials stolen from victim systems.


The primary goal of the co-conspirators’ unauthorized access to victim computers was to search for, identify, copy, package and steal data from those computers, including confidential business and commercial information, work product and sensitive victim employee information, such as usernames and passwords that could be used to extend unauthorized access within the victim systems. For the three victim entities listed in the Indictment, such information included hundreds of gigabytes of data regarding the housing finance, energy, technology, transportation, construction, land survey and agricultural sectors.


Any sentence will be imposed by the court only after consideration of the U.S. Sentencing Guidelines and the federal statute governing the imposition of a sentence.


This case is being prosecuted by Assistant U.S. Attorney James T. Kitchen of the United States Attorney’s Office for the Western District of Pennsylvania, and Cyber Counsel Jessica Romero and Trial Attorney Jennifer Kennedy Gellie from the Department of Justice’s National Security Division Counterintelligence and Export Control Section on behalf of the government.


An indictment is merely an accusation and a defendant is presumed innocent unless proven guilty in a court of law.